
New round of SEC cybersecurity examinations of financial service firms and their cyber controls

The Office of Compliance Inspections and Examinations (the OCIE) has just published a new Risk Alert on cyber risks and precautions, identifying specific areas it will focus on during the second round of examinations of brokerage and advisory firms this year.

In an appendix attached to the Risk Alert, the OCIE lists documents and materials each firm should maintain. These include board minutes and briefing materials on cyber risks and planning, periodic risk assessments, data mapping of personal information, and relevant third-party vendor management policies.

In this second round of examinations, examiners will continue to gather information on cybersecurity-related controls and will assess what progress firms are making on cybersecurity. In this Risk Alert, the OCIE noted six areas of focus and provided items to consider for each area, which are summarized below:

Governance and Risk Assessment

Policies and procedures relating to the protection of customer or client records and information;

Information regarding the discovery process, escalation, and any responsive remediation efforts taken with regard to any incidents of unauthorized internal or external distributions of personally identifiable information or unauthorized access of firm systems; and

Information regarding the amount of any actual client losses associated with cyber incidents, as well as any amount of client losses reimbursed by the firm or insurance claims related to cyber events which were filed.

Although these areas are designated by the OCIE as of particular importance, examiners may select additional items to review during the course of the examination.
